diff options
author | Sam Hartman <hartmans@mit.edu> | 2003-06-05 20:14:11 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2003-06-05 20:14:11 +0000 |
commit | 26b8d31d5b0f2445be9c778219c66d747e6a45ce (patch) | |
tree | 7c05f2c54f0b18c9751ce059d9c660cd242399fa /src | |
parent | 3f5671aa36f6a9077018f1919843e5203a165c2d (diff) | |
download | krb5-26b8d31d5b0f2445be9c778219c66d747e6a45ce.tar.gz krb5-26b8d31d5b0f2445be9c778219c66d747e6a45ce.tar.xz krb5-26b8d31d5b0f2445be9c778219c66d747e6a45ce.zip |
If krb5_c_string_to_key is
called with an afs3 salt length for a non-DES enctype, return
KRB5_CRYPTO_INTERNAL.
Ticket: 1521
Status: open
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15576 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/crypto/ChangeLog | 5 | ||||
-rw-r--r-- | src/lib/crypto/string_to_key.c | 14 |
2 files changed, 19 insertions, 0 deletions
diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index d963e5fdb2..e15663a07d 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog @@ -1,3 +1,8 @@ +2003-06-05 Sam Hartman <hartmans@mit.edu> + + * string_to_key.c (krb5_c_string_to_key_with_params): Only allow + AFS s2k for DES enctypes + 2003-05-15 Sam Hartman <hartmans@mit.edu> * combine_keys.c (enctype_ok): new function to determine if we support combine_keys for a particular enctype diff --git a/src/lib/crypto/string_to_key.c b/src/lib/crypto/string_to_key.c index 3bd7a4e730..412583185b 100644 --- a/src/lib/crypto/string_to_key.c +++ b/src/lib/crypto/string_to_key.c @@ -71,7 +71,21 @@ krb5_c_string_to_key_with_params(context, enctype, string, salt, params, key) return(KRB5_BAD_ENCTYPE); enc = krb5_enctypes_list[i].enc; +/* xxx AFS string2key function is indicated by a special length in + * the salt in much of the code. However only the DES enctypes can + * deal with this. Using s2kparams would be a much better solution.*/ + if (salt && salt->length == SALT_TYPE_AFS_LENGTH) { + switch (enctype) { + case ENCTYPE_DES_CBC_CRC: + case ENCTYPE_DES_CBC_MD4: + case ENCTYPE_DES_CBC_MD5: + break; + default: + return (KRB5_CRYPTO_INTERNAL); + } + } + (*(enc->keysize))(&keybytes, &keylength); if ((key->contents = (krb5_octet *) malloc(keylength)) == NULL) |